The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl . - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c . - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h . - CVE-2020-14351: Fixed a race in the perf_mmap_close function . - CVE-2020-16120: Fixed a permissions issue in ovl_path_open . - CVE-2020-8694: Restricted energy meter to root access . - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events - CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 . The following non-security bugs were fixed: - ALSA: bebob: potential info leak in hwdep_read . - ALSA: compress_offload: remove redundant initialization . - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK macro . - ALSA: core: pcm: simplify locking for timers . - ALSA: core: timer: clarify operator precedence . - ALSA: core: timer: remove redundant assignment . - ALSA: ctl: Workaround for lockdep warning wrt card- greater than ctl_files_rwlock . - ALSA: hda - Do not register a cb func if it is registered already . - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 . - ALSA: hda/realtek - The front Mic on a HP machine does not work . - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 . - ALSA: hda: auto_parser: remove shadowed variable declaration . - ALSA: hda: use semicolons rather than commas to separate statements . - ALSA: mixart: Correct comment wrt obsoleted tasklet usage . - ALSA: rawmidi: align function parameters . - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl . - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 . - ALSA: usb-audio: endpoint.c: fix repeated word "there" . - ALSA: usb-audio: fix spelling mistake "Frequence" - greater than "Frequency" . - ASoC: qcom: lpass-cpu: fix concurrency issue . - ASoC: qcom: lpass-platform: fix memory leak . - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n . - ath10k: Fix the size used in a "dma_free_coherent" call in an error handling path . - ath10k: provide survey info as accumulated data . - ath6kl: prevent potential array overflow in ath6kl_add_new_sta . - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb . - ath9k: hif_usb: fix race condition between usb_get_urb and usb_kill_anchored_urbs . - backlight: sky81452-backlight: Fix refcount imbalance on error . - blk-mq: order adding requests to hctx- greater than dispatch and checking SCHED_RESTART . - block: ensure bdi- greater than io_pages is always initialized . - Bluetooth: MGMT: Fix not checking if BT_HS is enabled . - Bluetooth: Only mark socket zapped after unlocking . - bnxt: do not enable NAPI until rings are ready . - bnxt_en: Check for zero dir entries in NVRAM . - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach . - brcmfmac: check ndev pointer . - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy . - btrfs: check the right error variable in btrfs_del_dir_entries_in_log . - btrfs: do not force read-only after error in drop snapshot . - btrfs: do not set the full sync flag on the inode during page release . - btrfs: fix incorrect updating of log root tree . - btrfs: fix race between page release and a fast fsync . - btrfs: only commit delayed items at fsync if we are logging a directory . - btrfs: only commit the delayed inode when doing a full fsync . - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations . - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode . - btrfs: reduce contention on log trees when logging checksums . - btrfs: release old extent maps during page release . - btrfs: remove no longer needed use of log_writers for the log root tree . - btrfs: remove root usage from can_overcommit . - btrfs: stop incremening log_batch for the log root tree when syncing log . - btrfs: take overcommit into account in inc_block_group_ro . - btrfs: tree-checker: fix false alert caused by legacy btrfs root item . - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused . - can: flexcan: flexcan_chip_stop: add error handling and propagate error value . - can: softing: softing_card_shutdown: add braces around empty body in an "if" statement . - ceph: fix memory leak in ceph_cleanup_snapid_map . - ceph: map snapid to anonymous bdev ID . - ceph: promote to unsigned long long before shifting . - clk: at91: clk-main: update key before writing AT91_CKGR_MOR . - clk: at91: remove the checking of parent_name . - clk: bcm2835: add missing release if devm_clk_hw_register fails . - clk: imx8mq: Fix usdhc parents order . - coredump: fix crash when umh is disabled . - crypto: algif_skcipher - EBUSY on aio should be an error . - crypto: ccp - fix error handling . - crypto: ixp4xx - Fix the size used in a "dma_free_coherent" call . - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc . - crypto: omap-sham - fix digcnt register handling with export/import . - cxl: Rework error message for incompatible slots . - cypto: mediatek - fix leaks in mtk_desc_ring_alloc . - Disable ipa-clones dump for KMP builds The feature is not really useful for KMP, and rather confusing, so let"s disable it at building out-of-tree codes - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status . - drm/amdgpu: prevent double kfree ttm- greater than sg . - drm/gma500: fix error check . - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds . - drm/nouveau/mem: guard against NULL pointer access in mem_del . - EDAC/i5100: Fix error handling order in i5100_init_one . - eeprom: at25: set minimum read/write access stride to 1 . - Fix use after free in get_capset_info callback . - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY . - gtp: add GTPA_LINK info to msg sent to userspace . - HID: roccat: add bounds checking in kone_sysfs_write_settings . - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery . - i2c: imx: Fix external abort on interrupt in exit paths . - ibmveth: Identify ingress large send packets . - ibmveth: Switch order of ibmveth_helper calls . - ibmvnic: fix ibmvnic_set_mac . - ibmvnic: save changed mac address to adapter- greater than mac_addr . - iio:accel:bma180: Fix use of true when should be iio_shared_by enum . - iio:adc:max1118 Fix alignment of timestamp and data leak issues . - iio:adc:ti-adc0832 Fix alignment issue with timestamp . - iio:adc:ti-adc12138 Fix alignment issue with timestamp . - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE . - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak . - iio:light:si1145: Fix timestamp alignment and prevent data leak . - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required . - ima: Remove semicolon at the end of ima_get_binary_runtime_size . - include/linux/swapops.h: correct guards for non_swap_entry . - Input: ep93xx_keypad - fix handling of platform_get_irq error . - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 . - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume . - Input: omap4-keypad - fix handling of platform_get_irq error . - Input: sun4i-ps2 - fix handling of platform_get_irq error . - Input: twl4030_keypad - fix handling of platform_get_irq error . - iomap: Make sure iomap_end is called after iomap_begin . - ip: fix tos reflection in ack and reset packets . - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route . - iwlwifi: mvm: split a print to avoid a WARNING in ROC . - kbuild: enforce -Werror=return-type . - leds: mt6323: move period calculation . - lib/crc32.c: fix trivial typo in preprocessor condition . - libceph: clear con- greater than out_msg on Policy::stateful_server faults . - livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability. - mac80211: handle lack of sband- greater than bitrates in rates . - mailbox: avoid timer start from callback . - media: ati_remote: sanity check for both endpoints . - media: bdisp: Fix runtime PM imbalance on error . - media: exynos4-is: Fix a reference count leak . - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync . - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync . - media: firewire: fix memory leak . - media: m5mols: Check function pointer in m5mols_sensor_power . - media: media/pci: prevent memory leak in bttv_probe . - media: omap3isp: Fix memleak in isp_probe . - media: platform: fcp: Fix a reference count leak . - media: platform: s3c-camif: Fix runtime PM imbalance on error . - media: platform: sti: hva: Fix runtime PM imbalance on error . - media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state" . - media: s5p-mfc: Fix a reference count leak . - media: saa7134: avoid a shift overflow . - media: st-delta: Fix reference count leak in delta_run_work . - media: sti: Fix reference count leaks . - media: tc358743: initialize variable . - media: ti-vpe: Fix a missing check and reference count leak . - media: tuner-simple: fix regression in simple_set_radio_freq . - media: usbtv: Fix refcounting mixup . - media: uvcvideo: Ensure all probed info is returned to v4l2 . - media: vsp1: Fix runtime PM imbalance on error . - memory: fsl-corenet-cf: Fix handling of platform_get_irq error . - memory: omap-gpmc: Fix a couple off by ones . - mfd: sm501: Fix leaks in probe . - mic: vop: copy data to kernel space then write to io memory . - misc: mic: scif: Fix error handling path . - misc: rtsx: Fix memory leak in rtsx_pci_probe . - misc: vop: add round_up for vring_size to avoid kernel panic . - mlx5 PPC ringsize workaround . - mlx5: remove support for ib_get_vector_affinity . - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa . - mm/huge_memory.c: use head to check huge zero page . - mm/ksm.c: do not WARN if page is still mapped in remove_stable_node . - mm/mempolicy.c: fix out of bounds write in mpol_parse_str . - mm/mempolicy.c: use match_string helper to simplify the code . - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio . - mm/page-writeback.c: improve arithmetic divisions . - mm/page-writeback.c: use div64_ul for u64-by-unsigned-long divide . - mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages . - mm/rmap: fixup copying of soft dirty and uffd ptes . - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n . - mm/zsmalloc.c: fix race condition in zs_destroy_pool . - mm/zsmalloc.c: fix the migrated zspage statistics . - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely . - mm: hugetlb: switch to css_tryget in hugetlb_cgroup_charge_cgroup . - mmc: sdio: Check for CISTPL_VERS_1 buffer size . - Move upstreamed patches into sorted section - mtd: lpddr: fix excessive stack usage with clang . - mtd: mtdoops: Do not write panic data twice . - mwifiex: do not call del_timer_sync on uninitialized timer . - mwifiex: Do not use GFP_KERNEL in atomic context . - mwifiex: fix double free . - mwifiex: remove function pointer check . - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO . - net/mlx5e: Take common TIR context settings into a function . - net/mlx5e: Turn on HW tunnel offload in all TIRs . - net: disable netpoll on fresh napis . - net: fec: Fix PHY init after phy_reset_after_clk_enable . - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable . - net: Fix potential wrong skb- greater than protocol in skb_vlan_untag . - net: hns: Fix memleak in hns_nic_dev_probe . - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC . - net: phy: Avoid NPD upon phy_detach when driver is unbound . - net: qrtr: fix usage of idr in port assignment to socket . - net: systemport: Fix memleak in bcm_sysport_probe . - net: usb: dm9601: Add USB ID of Keenetic Plus DSL . - net: usb: qmi_wwan: add Cellient MPL200 card . - net: usb: rtl8150: set random MAC address when set_ethernet_addr fails . - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key . - netlabel: fix problems with mapping removal . - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download . - nl80211: fix non-split wiphy information . - NTB: hw: amd: fix an issue about leak system resources . - nvme-rdma: fix crash due to incorrect cqe . - nvme-rdma: fix crash when connect rejected . - nvme: do not update disk info for multipathed device . - platform/x86: mlx-platform: Remove PSU EEPROM configuration . - powerpc/hwirq: Remove stale forward irq_chip declaration . - powerpc/icp-hv: Fix missing of_node_put in success path . - powerpc/irq: Drop forward declaration of struct irqaction . - powerpc/perf/hv-gpci: Fix starting index value . - powerpc/powernv/dump: Fix race while processing OPAL dump . - powerpc/powernv/elog: Fix race while processing OPAL error log event . - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal . - powerpc/pseries: Fix missing of_node_put in rng_init . - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation . - pty: do tty_flip_buffer_push without port- greater than lock in pty_write . - pwm: lpss: Add range limit check for the base_unit register value . - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare . - ring-buffer: Return 0 on success from ring_buffer_resize . - rtl8xxxu: prevent potential memory leak . - scsi: ibmvfc: Fix error return in ibmvfc_probe . - scsi: ibmvscsi: Fix potential race after loss of transport . - sctp: not disable bh in the whole sctp_get_port_local . - spi: fsl-espi: Only process interrupts for expected events . - tg3: Fix soft lockup when tg3_reset_task fails . - tipc: fix memory leak caused by tipc_buf_append . - tipc: fix shutdown of connection oriented socket . - tipc: fix shutdown of connectionless socket . - tipc: fix the skb_unshare in tipc_buf_append . - tipc: fix uninit skb- greater than data in tipc_nl_compat_dumpit . - tipc: use skb_unshare instead in tipc_buf_append . - tty: ipwireless: fix error handling . - tty: serial: earlycon dependency . - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char . - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices . - usb: cdc-acm: handle broken union descriptors . - usb: cdc-wdm: Make wdm_flush interruptible and add wdm_fsync . - usb: core: Solve race condition in anchor cleanup functions . - usb: dwc2: Fix INTR OUT transfers in DDMA mode . - usb: dwc2: Fix parameter type in function pointer prototype . - usb: dwc3: core: add phy cleanup for probe error handling . - usb: dwc3: core: do not trigger runtime pm when remove driver . - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests . - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets . - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above . - usb: gadget: function: printer: fix use-after-free in __lock_acquire . - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well . - usb: ohci: Default to per-port over-current protection . - usb: serial: qcserial: fix altsetting probing . - vfs: fix FIGETBSZ ioctl on an overlayfs file . - video: fbdev: sis: fix null ptr dereference . - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error . - VMCI: check return value of get_user_pages_fast for errors . - w1: mxc_w1: Fix timeout resolution problem leading to bus error . - watchdog: iTCO_wdt: Export vendorsupport . - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional . - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 . - writeback: Avoid skipping inode writeback . - writeback: Fix sync livelock due to b_dirty_time processing . - writeback: Protect inode- greater than i_io_list with inode- greater than i_lock . - x86, fakenuma: Fix invalid starting node ID . - x86/apic: Unify duplicated local apic timer clockevent initialization . - x86/fpu: Allow multiple bits in clearcpuid= parameter . - x86/xen: disable Firmware First mode for correctable memory errors . - xen/blkback: use lateeoi irq binding . - xen/events: add a new "late EOI" evtchn framework . - xen/events: add a proper barrier to 2-level uevent unmasking . - xen/events: avoid removing an event channel while handling it . - xen/events: block rogue events for some time . - xen/events: defer eoi in case of excessive number of events . - xen/events: do not use chip_data for legacy IRQs . - xen/events: fix race in evtchn_fifo_unmask . - xen/events: switch user event channels to lateeoi model . - xen/events: use a common cpu hotplug hook for event channels . - xen/gntdev.c: Mark pages as dirty . - xen/netback: use lateeoi irq binding . - xen/pciback: use lateeoi irq binding . - xen/scsiback: use lateeoi irq binding . - xen: XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information . - xfs: avoid infinite loop when cancelling CoW blocks after writeback failure . - xfs: limit entries returned when counting fsmap records . Special Instructions and Notes: Please reboot the system after installing this update.